6
Some Basic Definitions Information Survivability: “The ability of a system to continue to operate in the presence of faults, anomalous system behaviour, or malicious attack.” Fault Injection: “The process of perturbing program behaviour by corrupting a program state during program execution.”

7
Three Primary Threats to Survivability: Software Flaws Malicious Attacks Anomalous Behaviour of Third Party Software

14
FIST FIST Analysis was performed over a variety of network service daemons Several potentially exploitable locations were identified Security violation identified in WU-FTPD was later independently discovered and reported by CERT-CC

17
IPA Propagation From Corrupts data exiting a component to observe the types of system failures that ensue. Provides information regarding semantic interactions between components as a measure of tolerance

19
Conclusions Fault Injection Analysis can be used in an unconventional way to test survivability in several different scenarios: – Software flaws in program source code – Malicious attacks – Anomalous behaviour from third party software By identifying problem components and functions automatically, drastically reduce areas that require manual analysis